An operating-system-level virtualization method is a method of running an isolated user-space instance, sometimes called a container, on a “host” computing system. A particular host computing system may run multiple containers at any given time. Each container is allocated a respective share of computing resources, including processor cycles, memory, and the like, and is presented with an isolated view of the system (its own process, file-system, and network namespaces) in which a particular set of software executes. Unlike a virtual machine, a container does not emulate a separate set of hardware running its own operating system: all containers on a host share the host's kernel, and it is that kernel which enforces the isolation between them.
A container can run any suitable number of processes, including computer programs, scripts, and services. During use, the host computing system is transparent to the user of the container. In certain instances, a requesting process may wish to communicate with a target process. If both processes are in the same container, the communication may be mediated in any suitable conventional manner within the container's own namespace. However, if the requesting and target processes are in different containers, the host computing system must mediate the communication. Certain existing techniques, such as sockets and pipes, can be used by the host computing system for this purpose, but they present the same primitives for intra-container and inter-container communication: a process receiving a message cannot readily tell whether its peer lies inside or outside its own container, and the host has no single point at which to inspect and apply a policy to cross-container traffic. Combining the two kinds of communication in this way is a significant source of security vulnerabilities.
As such, there is a need for a method for mediating inter-container communications with improved security.
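The following is an added example, not part of the original page and not the method the page goes on to describe. It shows the minimal check a host-side mediator needs in order to tell intra-container from inter-container traffic on a Unix-domain socket: the kernel-supplied peer credentials (SO_PEERCRED) give the peer's PID, and the peer's namespace identity under /proc is compared with the mediator's own. It assumes Linux (SO_PEERCRED and /proc/<pid>/ns/* are Linux-specific), and it approximates "same container" by "same PID namespace", which is an assumption made for illustration; the allowlist passed to `mediate` is likewise a constructed placeholder for whatever policy store a real host would consult.

```python
"""Classifying a Unix-socket peer as intra- or inter-container.

Added example (not from the original page). Assumes Linux: SO_PEERCRED and
/proc/<pid>/ns/* are Linux-specific. Container membership is approximated
by PID-namespace identity, an assumption made for illustration only.
"""
import os
import socket
import struct

# struct ucred { pid_t pid; uid_t uid; gid_t gid; } -- three native 32-bit ints
_UCRED = struct.Struct("3i")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end of a Unix socket.

    The kernel fills these in at connect time; the peer cannot forge them,
    unlike anything it writes into the byte stream itself.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def namespace_id(pid, kind="pid"):
    """Read a process's namespace identity, e.g. 'pid:[4026531836]'."""
    return os.readlink(f"/proc/{pid}/ns/{kind}")


def classify_peer(conn, kind="pid"):
    """'intra-container' if the peer shares our namespace, else 'inter-container'."""
    pid, _uid, _gid = peer_credentials(conn)
    if namespace_id(pid, kind) == namespace_id(os.getpid(), kind):
        return "intra-container"
    return "inter-container"


def mediate(conn, allowed_peers, kind="pid"):
    """Host-side policy check.

    Intra-container traffic passes unconditionally; inter-container traffic
    passes only if the peer's namespace identity is on the allowlist
    (allowed_peers is a constructed stand-in for a real policy store).
    """
    if classify_peer(conn, kind) == "intra-container":
        return True
    pid, _uid, _gid = peer_credentials(conn)
    return namespace_id(pid, kind) in allowed_peers


def demo():
    """Constructed input: both ends of a socketpair live in this process, so
    the peer is necessarily in our own namespace and an empty allowlist
    still lets the traffic through."""
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        verdict = classify_peer(b)
        allowed = mediate(b, allowed_peers=set())
        peer_pid = peer_credentials(b)[0]
    finally:
        a.close()
        b.close()
    return verdict, allowed, peer_pid == os.getpid()


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields `("intra-container", True, True)`. Producing a genuine inter-container peer requires a second PID namespace (e.g. a process started with `unshare --pid --fork`), which needs privileges this example does not assume; in that case `classify_peer` returns `"inter-container"` and `mediate` falls through to the allowlist, which is the single enforcement point the prose above says sockets and pipes alone do not provide.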